sprinklesforwinners

935 posts

@BanklessWinners

Plymouth, MA · Joined January 2021
482 Following · 282 Followers
sprinklesforwinners retweeted
vx-underground (@vxunderground)
Big news for Blue Team nerds. That nerd who released those Microsoft 0days has created two new repos on GitHub with spooky sounding names indicating they will be releasing two new Windows 0days. Very cool. github.com/Nightmare-Ecli…
sprinklesforwinners (@BanklessWinners)
@Apple stop auto correcting **were** (past tense of is/are) to **we’re** (present tense we are)
sprinklesforwinners retweeted
Tommy B. 🇺🇸 (@realtommybibi)
The return of the $APE 👀 $eth
PG | Design Sage (@PGdesignsage)
Working on some socials 🙂‍↔️. Drop a berry emoji if you like it 🫐.
Tay 💖 (@tayvano_)
DeFi just rugged DPRK of $70M. This was surely an insane undertaking by a massive amt of people. I want to say thank you to EVERYONE who played a role. Including those who pushed back. Great things rise from tension, from the hard moments. This is DeFi. DeFi fucking wins.🫡
sprinklesforwinners (@BanklessWinners)
@immunefi @FolksFinance @Hcrlen @bshyuunn So crazy that you only use ZKPassport for your KYC process. People in the US have driver's licenses. ZKPassport does not support (have the functional ability to support) driver's licenses. Do better.
Immunefi (@immunefi)
The $25,000 USD @FolksFinance Staking Contracts Audit Competition is finished, and the full results have been posted. 100% of the pool has been paid out!
🥇 iam0x04: $3,264
🥈 ZenHunter: $1,486
🥉 @Hcrlen: $1,379
4⃣ Afriauditor: $518
5⃣ @bshyuunn: $518
Check the link below for the full leaderboard and bug reports!👇
sprinklesforwinners (@BanklessWinners)
@griffgreen Seems like a centralized override mechanism. Are we supposed to assume that code is law does not apply to Arbitrum? Is disregarding the entire Ethereum ethos a trade-off for L2 benefits?
sprinklesforwinners retweeted
Zulkifilu (@0xZulkifilu)
A researcher spent three weeks reading a protocol's code. Found a critical vulnerability that could drain $40 million in user funds. Wrote a detailed report. Submitted it through the official bug bounty channel.

The response came eleven days later: "We were already aware of this issue and have been working on a fix internally. As this was a known issue, it does not qualify for a bounty under our program terms."

The protocol shipped the fix two weeks after that. The researcher received nothing.

I want to tell you why this specific response is the most commonly used and least challenged form of dishonesty in the Web3 security ecosystem — and exactly why it works.

The claim "we were already aware" is unfalsifiable. There is no public registry of what issues a team was aware of before a submission arrived. There is no timestamp system for internal security tickets that a researcher can verify. There is no mediation process requiring the team to provide evidence of prior awareness. The researcher cannot prove the negative. The team knows this.

The economics make it worse. A $75,000 bounty on a $40 million protocol represents real money. The reputational cost of one disputed finding is manageable. The researcher has no platform with sufficient reach to make the dispute visible. The community will not investigate. The team moves on.

Some teams genuinely do discover issues internally before external reports arrive. This happens and the timing is real. But when the same response pattern appears across multiple researchers reporting to multiple programs — and it does, with enough consistency that researchers have started documenting it publicly — the pattern becomes impossible to dismiss as coincidence.

What protects researchers: timestamp everything before you submit. Screenshot your proof of concept. Document when you first discovered the issue. Use platforms with mediation processes. Publish a disclosure timeline you communicate to the team before submitting, so they know there is a clock running.

What would fix this structurally: an industry standard requiring teams to timestamp internal security issues in a way that creates an auditable record prior to accepting external submissions. Not perfect. Significantly better than the current system where the team's word is the only evidence.

What actually fixes it: protocols that pay because they understand the researcher's rational alternative, not because they feel obligated.

The researcher in this story made a financially irrational choice to report responsibly. They received nothing for it. The protocol is still running. The user funds that the researcher protected are still in the protocol. Those users will never know.

This is the Web3 security ecosystem as it currently exists. Most of the people who know it behave this way have decided it is not worth saying publicly.
Quest Diagnostics (@QuestDX)
During this year's Lab Week, we celebrate all of you, the pathologists and laboratory professionals who play such a vital role in patient care every single day. Your efforts truly make a difference in every step of the journey toward better health. #LabWeek
Immunefi (@immunefi)
North Korea stole roughly $285 million in 12 minutes from Drift Protocol, but this was not a typical crypto hack. Mitchell Amador, CEO of Immunefi, sits down with @tayvano_ to break down what really happened, why this attack was different, and what it reveals about the new playbook for crypto security breaches.
sprinklesforwinners retweeted
chippi (@chippiNFT)
chippi are back! ❤️
The White House (@WhiteHouse)
An Easter Greeting from Donald J. Trump, 45th and 47th President of the United States: "Happy Easter to all, including the Radical Left Lunatics who are..."